Ethics _ Supplier Conduct Statement

Ethics & Supplier Conduct Statement – A & C Christofi Ltd (ACC CY)

Effective Date: 1 December 2025

1. Introduction & Binding Nature

  1. 1.1 A & C Christofi Ltd (ICPAC Licence E543/2023, HE 378179) is committed to the highest standards of professional ethics, integrity and transparency in all its activities.
  2. 1.2 This Ethics & Supplier Code of Conduct (“Code”) constitutes a binding contractual obligation for: (a) all employees, directors, contractors and agents of the Firm; (b) every supplier, vendor, subcontractor, consultant, cloud provider and business partner (“Supplier”) with whom the Firm enters into a contract or purchase order.
  3. 1.3 Acceptance of any purchase order, contract or payment from the Firm automatically incorporates this Code by reference and constitutes full acceptance of its terms.
  4. 1.4 Breach of this Code is a material breach of contract entitling the Firm to immediate termination for cause, suspension of payments and pursuit of all available remedies.

Signed: Chris Christofi – Managing Director
Date: 28 November 2025

2. Fundamental Ethical Principles

2.1 We adhere without exception to:

  • the International Ethics Standards Board for Accountants (IESBA) Code of Ethics 2024
  • Institute of Certified Public Accountants of Cyprus (ICPAC) Code of Professional Ethics
  • IFAC Member Body obligations
  • UN Global Compact Principles
  • OECD Guidelines for Multinational Enterprises
  • relevant EU legislation, including GDPR

Succinctly, the Firm comply with all applicable Cyprus laws and regulations including those of Anti-Money Laundering and Counter Terrorist Financing.

2.2 The five fundamental principles – Integrity, Objectivity, Professional Competence & Due Care, Confidentiality, and Professional Behaviour – apply equally to the Firm and to every Supplier.

2A. Use of AI & Ethical Technology

  1. 2A.1 Suppliers shall use artificial intelligence (AI), machine learning, or automated tools responsibly and transparently.
  2. 2A.2 AI must not be used to make decisions affecting Firm personnel or clients without human review.
  3. 2A.3 Suppliers must not input Firm or client confidential data into public AI systems unless expressly authorised in writing.
  4. 2A.4 High-Risk AI systems must comply with the EU AI Act (once in force), including risk-classification, documentation, and bias-mitigation obligations.

3. Zero-Tolerance Prohibited Practices

The following are strictly prohibited and will result in immediate contract termination and reporting to authorities:

  • Any form of bribery or corruption
  • Facilitation or “grease” payments
  • Money laundering or terrorist financing
  • Breach of international sanctions (EU, UK, UN, OFAC)
  • Insider trading or market abuse
  • Fraud, forgery or false accounting manipulation
  • Modern slavery, human trafficking, forced or child labour
  • Serious environmental crimes

3A. Sanctions & Export Controls

Suppliers must comply with all applicable EU, UK, US (OFAC), UN, and Cyprus sanctions and export-control laws. Suppliers warrant that they are not owned, linked to, or controlled by any sanctioned individual or entity.

Any match in sanctions screening constitutes grounds for immediate termination.

4. Anti-Bribery & Anti-Corruption Framework

  1. 4.1 The Firm operates a zero-tolerance anti-bribery policy compliant with The Cyprus Criminal Code, EU anti-corruption directives, UK Bribery Act 2010, and US FCPA.

4.2 Gifts, hospitality and entertainment:

Value (per person per year) Requirement
≤ €50 Declaration within 7 days
€51 – €150 Pre-approval from Managing Director + entry in register
> €150 Prohibited without Board approval (exceptional circumstances only)
  1. 4.3 All approved gifts and hospitality are recorded in the central Gifts & Hospitality Register maintained by the Compliance Officer.
  2. 4.4 Political and charitable donations on behalf of the Firm are prohibited unless pre-approved by the Board and fully transparent.
  3. 4.5 Red-flag indicators (e.g., unusual payment methods, offshore intermediaries, “success fees” without documented services) trigger immediate escalation.

5. Modern Slavery & Human Trafficking

  1. 5.1 The Firm maintains a zero-tolerance stance toward modern slavery in any part of its business or supply chain.
  2. 5.2 Suppliers warrant that neither they nor any of their subcontractors:
    1. use forced, bonded, indentured or prison labour;
    2. engage in human trafficking or exploitation;
    3. employ any person below the local minimum working age or below 16 (whichever is higher).
  3. 5.3 High-risk Suppliers (cleaning, security, IT hardware, offshore support) are required to complete an annual Modern Slavery Questionnaire and accept on-site or remote audits on 14 days’ notice.
  4. 5.4 Modern Slavery Risk Mapping: The Firm conducts an annual modern slavery risk map covering all Suppliers, with enhanced controls for higher-risk jurisdictions and industries (cleaning, construction, logistics, IT hardware, offshore outsourcing).
  5. 5.5 Annual Supplier Slavery Statement: High-risk Suppliers must publish, or provide to the Firm, an annual Modern Slavery & Human Trafficking Statement setting out controls, remediation steps, and audit results.

6. Fair Labour & Human Rights

  1. 6.1 Suppliers shall:
    • Pay at least the local living wage (or industry benchmark where higher)
    • Respect maximum working hours under ILO Convention 1 (48 hours/week + voluntary overtime)
    • Provide safe and hygienic working conditions meeting or exceeding ISO 45001 standards
    • Allow freedom of association and collective bargaining
    • Prohibit physical punishment, mental or physical coercion and verbal abuse
  2. 6.2 The Firm gives preference to Suppliers holding SA8000, Sedex SMETA or equivalent certification.

7. Anti-Discrimination, Diversity & Inclusion

  1. 7.1 Discrimination, harassment or victimisation on grounds of age, disability, gender reassignment, marriage/civil partnership, pregnancy/maternity, race, religion/belief, sex or sexual orientation is prohibited.
  2. 7.2 Suppliers with more than 20 employees must maintain and publish an Equal Opportunity Policy and provide diversity statistics upon request.
  3. 7.3 The Firm actively encourages Suppliers owned or led by women, minorities or persons with disabilities.

8. Conflicts of Interest & Confidentiality

  1. 8.1 Suppliers must promptly disclose any actual, potential or perceived conflict of interest (including family or financial relationships with Firm personnel).
  2. 8.2 All confidential information, client data and trade secrets disclosed by the Firm remain the exclusive property of the Firm or its clients and must be protected with at least the same level of care the Supplier uses for its own confidential information (and in no event less than reasonable care).
  3. 8.3 Confidentiality obligations survive termination of the business relationship indefinitely.

9. Environmental Responsibility & Sustainability

  1. 9.1 Suppliers shall comply with all applicable environmental laws and shall implement an environmental management system (preferably ISO 14001 or EMAS certified).
  2. 9.2 Suppliers with annual turnover > €5 million must publish annual carbon emissions and a credible net-zero roadmap by 2035 at the latest.
  3. 9.3 The Firm gives preferential scoring to Suppliers who:
    • use renewable energy
    • minimise single-use plastics
    • participate in circular-economy initiatives
    • hold science-based targets validated by SBTi
  4. 9.4 Climate Risk Management: Suppliers shall identify and manage climate-related risks consistent with TCFD or ESRS E1 guidelines.
  5. 9.5 Carbon Reduction Targets: Medium and high-emission Suppliers must set measurable carbon-reduction targets with annual updates.
  6. 9.6 Greenwashing Prohibition: Suppliers must not make misleading environmental claims; all statements must be evidence-based and verifiable.

9A. ESG & Responsible Business Conduct

  1. 9A.1 Suppliers must implement responsible business practices aligned with the UN Sustainable Development Goals (SDGs), including responsible consumption, climate action, decent work, and anti-corruption.
  2. 9A.2 Suppliers with >20 employees must maintain an Environmental, Social & Governance (ESG) policy and provide ESG performance data upon request.
  3. 9A.3 Suppliers with annual turnover > €5 million must prepare sustainability disclosures consistent with the EU Corporate Sustainability Reporting Directive (CSRD) or equivalent recognised standard.
  4. 9A.4 The Firm reserves the right to require corrective measures where Supplier ESG practices pose reputational or regulatory risk.

9B. Ethical Procurement

  1. 9B.1 Suppliers of electronics, hardware, or components shall ensure materials are not sourced from conflict-affected or high-risk areas unless fully traceable and conflict-free.
  2. 9B.2 Where applicable, Suppliers must comply with the EU Conflict Minerals Regulation (2017/821).

10. Fair Competition & Anti-Trust Compliance

  1. 10.1 Suppliers must compete fairly and comply with EU and Cyprus competition law.
  2. 10.2 Prohibited conduct includes price-fixing, market allocation, bid-rigging, or exchanging competitively sensitive information with competitors.

11. Data Protection & Information Security

  1. 11.1 Where Suppliers process personal data on behalf of the Firm, they act as Processors and must enter into the Firm’s standard Data Processing Agreement incorporating EU Standard Contractual Clauses (2021/914) and the UK Addendum where required.
  2. 11.2 Suppliers must maintain ISO 27001 (or equivalent) certification and submit annual SOC 2 Type II or ISAE 3000 reports.
  3. 11.3 Any breach of client data must be reported to dataprotection@acccyp.com within 24 hours.

11A. Cyber Supply-Chain Security

  1. 11A.1 Suppliers shall maintain controls consistent with NIS2, ISO 27001:2022, and industry best practice.
  2. 11A.2 Suppliers providing cloud, hosting, software, or managed services must:
    • implement multi-factor authentication and secure development practices
    • conduct annual vulnerability scans and penetration testing
    • notify the Firm of any material cyber incident within 12 hours of detection
    • ensure their own subcontractors uphold equivalent standards
  3. 11A.3 The Firm may require evidence of secure software development lifecycle (SSDLC), encryption standards, and incident response procedures.

12. Supplier Selection & Ongoing Due Diligence

  1. 12.1 All new Suppliers undergo risk-based screening including:
    • sanctions / PEP / adverse-media checks
    • modern-slavery risk assessment
    • anti-bribery questionnaire
  2. 12.2 High-risk Suppliers are re-screened annually; medium/low-risk every three years.

13. Reporting, Whistleblower Protection & Non-Retaliation

  1. 13.1 Any person may report suspected violations confidentially and anonymously via:
    Email: ethics@acccyp.com (managed by independent external law firm)
    Telephone hotline: +357 25 332 177 (voicemail encrypted)
    Postal: “Confidential – Ethics Committee”, Firm address
  2. 13.2 Reports are acknowledged within 48 hours and investigated within 30 days.
  3. 13.3 Whistleblowers are protected under Cyprus Law 6(III)/2022 and EU Directive 2019/1937 – retaliation is gross misconduct.

14. Audit Rights, Remediation & Sanctions

  1. 14.1 The Firm reserves the right to audit Supplier compliance (announced or unannounced) on 14 days’ notice (3 days for high-risk Suppliers).
  2. 14.2 Suppliers must submit corrective action plans within 15 days of any non-conformity.

14.3 Breach consequences:

Breach Type Consequence
Minor / remediable Written warning + corrective action plan
Serious (e.g., bribery, slavery) Immediate suspension + termination for cause
Criminal conduct Reporting to ICPAC, Cyprus Police, HMRC, OFAC

14.1A On-Site Assessments

The Firm may conduct on-site inspections, worker interviews, document reviews, and supply-chain tracing where modern slavery, bribery, safety, or data-security concerns arise. Suppliers must provide full access to premises, personnel, and subcontractors.

15. Governance, Training & Continuous Improvement

  1. 15.1 The Board of Directors oversees this Code via the Ethics & Compliance Committee (meets quarterly).
  2. 15.2 All Firm personnel receive annual ethics training; key Suppliers are invited to an annual Supplier Ethics Forum.
  3. 15.3 KPIs (training completion, audit findings, whistleblower reports) are reported to the Board annually.
  4. 15.4 This Code is reviewed annually or upon material regulatory change.
  5. 15.5 Suppliers must flow down equivalent standards to their own sub-suppliers.

15.5 Sub-Supplier Transparency

Suppliers must:

  • disclose all subcontractors engaged in providing services to the Firm;
  • obtain the Firm’s written approval before adding or replacing any subcontractor;
  • flow down equivalent ethical, human-rights, environmental, and data-security standards;
  • provide annual confirmation that sub-suppliers remain compliant.

Signed on behalf of the Board
Chris Christofi
Managing Director
Date: 28 November 2025

END OF CODE